1 / 28

CYBER SECURITY-PHISHING: DON’T BECOME A VICTIM OF EMAIL FRAUD

CYBER SECURITY-PHISHING: DON’T BECOME A VICTIM OF EMAIL FRAUD. SPEARPHISHING. Did You Know ... 91% Of Targeted Attacks Start With Spear-phishing Email

lali
Download Presentation

CYBER SECURITY-PHISHING: DON’T BECOME A VICTIM OF EMAIL FRAUD

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CYBER SECURITY-PHISHING: DON’T BECOME A VICTIM OF EMAIL FRAUD

  2. SPEARPHISHING Did You Know... 91% Of Targeted Attacks Start With Spear-phishing Email The word phishing comes from the analogy that Internet scammers are using e-mail lures to fish for passwords and financial data from the sea of Internet users. The term was coined in 1996 by hackers who were stealing AOL Internet accounts by scamming passwords from unsuspecting users. Since hackers have a tendency to replacing "f" with "ph" the term phishing was derived.

  3. SPEAR PHISHING The Phish appears to be legitimately addressed from someone within that company in a position of trust and request information such as login ID’s and passwords. Spear phishing scams will often appear to be from a company’s own human resources or technical support division and may ask employees to update their username and passwords. Once hackers get this data, they can gain entry into secured networks. Another type of spear phishing attack will ask users to click on a link, which deploys spyware that can steal data.

  4. WHAT IS PHISHING? • (fish’ing) (n) The act of sending an email to a user • falsely claiming to be an established legitimate • enterprise in an attempt to scam the user into • surrendering private information that will be used for • identity theft. • directs the user to visit a web site • update personal information • (passwords, credit card, social security and bank account numbers)

  5. PHISHING TECHNIQUES • Official looking and sounding emails • Copies legitimate corporate emails with minor URL changes • Standard virus/worm attachments to emails • IP addresses instead of domain names in hyperlinks • Setting up fake web sites that closely mimic the domain name of the target website.

  6. 3 THINGS TO REMEMBER • YOU have to do something to be attacked! • NEVER click on “Click Here” or embedded links! • NEVER give personal information over internet!

  7. TIPS TO HELP YOU RECOGNIZE PHISHING SCAMS AND FRAUDULENT EMAIL • Generic greeting • From and return path don’t match • Insecure site-look for https:// • Requests personal information • Sense of urgency • Spelling errors • Poor grammar • Forged link-beware of the @ symbol in the URL • Warns that you’ve been a victim of fraud • Rule of thumb: Anytime you are asked for personal information, it is a scam

  8. Source: http://www.sonicwall.com/furl/phishing/phishing-quiz-question.php

  9. Other Phishing Scams The "Nigerian" Scam: Costly Compassion 1997-Secret Service confirmed losses just in the US of over 100 million dollars in 15 months Help! I'm Stuck in London and I've Been Robbed! Fake FBI E-mails Seeking Personal Information Work-From-Home Scams Dormant African Account

  10. “HELP, IT’S ME” -----Original Message-----From: C. McGarrett; cmcgarrettfiveo@yahoo.com to: undisclosed recipients: ;Sent: Fri, Sep 2, 2011 7:25 amSubject: It's urgent, please respond It’s me, I really don't mean to inconvenience you right now. I made a little trip to Scotland, and misplaced my wallet that contains my passport and credit cards. Just hearing from me like this, sounds a little odd, but it all happened very fast. I've just been issued a temporary passport and also my ticket, but I'm short of funds to pay for the bills here. I've also been trying to reach my credit card company, but from the message I just received, I'll need some verifications like answering my home phone, and that will only happen when I'm home. Please, can you lend me some funds to secure the bills? I'll be willing to pay back as soon as I return.Please respond as soon as you get this message, so I can forward my details to send the money via western union or money gram, you can also contact me via the hotel's desk phone. The numbers are, 011448717947613, +448717947613Looking forward to your response. In HIS Service and Yours, Christian McGarrett Police Detective Sergeant and State Criminal Investigator http://www.identitytheftsecrets.com/identity-theft-secrets-readers-true-crime-story-traveling-email-scam

  11. Phishing Facts 6.1 Billion - Number of phishing e-mails sent world-wide each month $1,200 - Average loss to each person successfully phished (Federal Trade Commission) 15,451 - Number of unique phishing attacks in January 2006 (Anti-Phishing Working Group) 7,484 - Number of phishing Web sites found in January 2006 (Anti-Phishing Working Group) 27,221 - Number of phishing Web sites found in January 2007 (Anti-Phishing Working Group) Source: http://www.sonicwall.com/furl/phishing/

  12. USE COMMON SENSE – YOU need to do something to be attacked Why would a perfect stranger pick YOU-also a perfect stranger-to share a fortune with and why would you share your personal or business information, including your bank account numbers , with someone you don’t know? If it sounds too good to be true….IT IS!

  13. WHAT CAN I DO TO PREVENT PHISHING? • Keep all software updated , especially anti-virus • Stay away from shady websites • Do not respond to suspicious email and do not click on any links within the email • Only open email attachments if you're expecting them • If you get ERROR when making purchase-DO NOT CONTINUE • LOG OFF – Don’t just close browser • If doing private transaction, CLOSE TABS – Every open tab allows access to others. • YOU initiate connection /communication – Don’t click on link to get there • Call company by phone if you get a suspicious email but DO NOTcall the phone number in the email • Remove programs you don’t need • Reboot occasionally

  14. E-mail client configurationYOU control what you download Do NOT auto execute anything Do NOT automatically download HTML graphics or content Do NOT display graphics in message Do NOT allow executable html content Turn OFF Attachment Preview If NOT sure configure to “WARN ME BEFORE” You can control drive-by scripts running across the screen

  15. DISABLE PASSWORD OPTIONS

  16. WHAT TO DO IF YOU RECEIVE A SUSPICIOUS EMAIL DO NOTrespond to the email DO NOT CLICK ON A LINK IN AN EMAIL unless you are sure of the real target address. (Hover mouse over link and compare to email header—very close but does not match.) NEVERreveal personal or financial information in a response to an email request, no matter who appears to have sent it. D-E-L-E-T-Ethe email

  17. WHAT TO DO IF YOU’VE RESPONDED TO A PHISHING SCAM: • Report the incident -FTC, FBI, Secret Service, UNM IT Services • Change the passwords on all your onlineaccounts • Routinely review your credit card and bank statements • Use the latest products and services to help warn and protect you from online scams (Antivirus software can only protect you from known viruses.) protect you from known viruses.)

  18. If you think you have been a victim of a phishing scam or want further information, please contact Deb Kuidis at 277-0732 or dkuidis@unm.edu.http://research.unm.edu/industrialsecurity/

More Related